diff options
Diffstat (limited to 'policy/modules/contrib/razor.if')
-rw-r--r-- | policy/modules/contrib/razor.if | 130 |
1 files changed, 0 insertions, 130 deletions
diff --git a/policy/modules/contrib/razor.if b/policy/modules/contrib/razor.if deleted file mode 100644 index 1e4b523b..00000000 --- a/policy/modules/contrib/razor.if +++ /dev/null @@ -1,130 +0,0 @@ -## <summary>A distributed, collaborative, spam detection and filtering network.</summary> - -####################################### -## <summary> -## The template to define a razor domain. -## </summary> -## <param name="domain_prefix"> -## <summary> -## Domain prefix to be used. -## </summary> -## </param> -# -template(`razor_common_domain_template',` - gen_require(` - attribute razor_domain; - type razor_exec_t; - ') - - ######################################## - # - # Declarations - # - - type $1_t, razor_domain; - domain_type($1_t) - domain_entry_file($1_t, razor_exec_t) - - ######################################## - # - # Declarations - # - - auth_use_nsswitch($1_t) -') - -######################################## -## <summary> -## Role access for razor. -## </summary> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <param name="domain"> -## <summary> -## User domain for the role. -## </summary> -## </param> -# -interface(`razor_role',` - gen_require(` - attribute_role razor_roles; - type razor_t, razor_exec_t, razor_home_t; - type razor_tmp_t; - ') - - roleattribute $1 razor_roles; - - domtrans_pattern($2, razor_exec_t, razor_t) - - ps_process_pattern($2, razor_t) - allow $2 razor_t:process signal; - - allow $2 { razor_home_t razor_tmp_t }:dir { manage_dir_perms relabel_dir_perms }; - allow $2 { razor_home_t razor_tmp_t }:file { manage_file_perms relabel_file_perms }; - allow $2 razor_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms }; - - userdom_user_home_dir_filetrans($2, razor_home_t, dir, ".razor") -') - -######################################## -## <summary> -## Execute razor in the system razor domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`razor_domtrans',` - gen_require(` - type system_razor_t, razor_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, razor_exec_t, system_razor_t) -') - -######################################## -## <summary> -## Create, read, write, and delete -## razor home content. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`razor_manage_home_content',` - gen_require(` - type razor_home_t; - ') - - userdom_search_user_home_dirs($1) - allow $1 razor_home_t:dir manage_dir_perms; - allow $1 razor_home_t:file manage_file_perms; - allow $1 razor_home_t:lnk_file manage_lnk_file_perms; -') - -######################################## -## <summary> -## Read razor lib files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`razor_read_lib_files',` - gen_require(` - type razor_var_lib_t; - ') - - files_search_var_lib($1) - read_files_pattern($1, razor_var_lib_t, razor_var_lib_t) -') |